Researchers of the University of Toronto’s Citizen Lab have analyzed what appears to be a version of the FinSpy Trojan for mobile platforms.
The spy tool, which was already available for operating systems such as iOS, BlackBerry, Windows Mobile and Symbian, has command and control centers all over the Middle East, in countries including Ethiopia, Bahrain, Brunei, Indonesia, Mongolia, Singapore, Turkmenistan and the United Arab Emirates, but also in the Netherlands and the Czech Republic.
Code analysis revealed that the mobile version of the Trojan comes with state-of-the-art surveillance functionality that enables it to monitor rooms via silent calls, download files, track users’ location, and forward phone calls, SMS text messages and emails.
In their paper, Citizen Lab researchers add that installing any of the analyzed samples needs some sort of human interaction. “As with the previously analyzed FinSpy tool this might involve some form of socially engineered e-mail or other delivery, prompting unsuspecting users to execute the program. Or, it might involve covert or coercive physical installation of the tool, or use of a user’s credentials to perform a third-party installation.”
The mobile FinSpy targets the recent models of iOS products and silently installs itself deep into the system to download further code, while on Android and Windows Mobile handsets, the app mimics a signed system service component. On Symbian it impersonates a “System Update” originating from “Cyan Engineering Services” and on BlackBerry an “rlc_channel_mode_updaters”.
FinFisher FinSpy spyware is a commercial Trojan created by Gamma International, known to be used also by the federal government in Germany and by security agencies. The Trojan surfaced earlier this year as the main instrument of espionage against Bahraini human rights activists, who were targeted by an email campaign delivering the sophisticated FinFisher spy tool.